[personal profile] cheeni
[UPDATE: The message I received seems to have been sent by the spammers to discredit BlueFrog. That said, I don't relish the idea of being part of the collateral damage in the war between spamfighter and spammer.]

Blue Security is the maker of the infamous BlueFrog anti-spam solution that hits back at spammers by bouncing suspected spam messages back to the spam source. The anti-spam community at large hasn't approved of Blue Frog's practices, and some have even labelled the tool a DoS kit, but the reactionary approach to spam protection nevertheless has its supporters.

Last week Blue Security's website was at the receiving end of a heavy DDoS attack, probably launched by disgruntled spammers. Blue Security pointed the DNS entries for their website at their blog, which was hosted on TypePad. The result: all of TypePad, including LiveJournal, was taken down. Naturally, there have been very few voices of support for Blue Security, even though in a sense they are also victims.

I just received an email from BlueSecurity (technically this is UCE since I never gave them my email address - they must have harvested it from one of the security mailing lists) announcing the launch of their DDoS network testing service that uses an "extensive botnet".

Wow! Now, I wonder if their botnet is the BlueFrog customer base? If that is the case, it is really, really scary. If not, well, it's still scary. Even if their terms of service allow it, and even if they don't launch illegal attacks it won't be long before underground hackers discover a way to operate the BlueFrog network in DDoS mode.

Skybox Security Solutions

Simulated DDoS Network Attacks and Network Intrusions

Customer Challenge:
Large corporations often hire consultants to conduct quarterly penetration (DDoS)
testing on specific segments of their corporate network. This testing can cost over
hundreds of thousands of dollars, and also exposes the network to many potential
disruptions. These disruptions are the result of the intense DDoS attacks testers
can impose on live networks in order to isolate vulnerabilities and weaknesses.
Since the network is constantly changing, and DDoS attacks are rarely dispersed
from a centralized location, the penetration test results often become nullified and
end up being limited to a small portion of the total network.

The Skybox Solution:
Skybox Security performs accurate and non-intrusive DDoS attacks across a larger
portion of the corporate network. The tests are modeled and analyzed through an
automated process via our large botnet network rather than manually performed on a
live network. As a result, the tests are repeated rigorously on a scheduled basis
without any fear of network disruption. Through DDoS attack and access simulation,
vulnerability exposures as well as security control weaknesses are revealed instantly.

DDoS attack simulation discovers all possible attack scenarios and reveals the step
by step process that an attacker or worm may follow. It illustrates specific vulnerabilities
to be exploited and network access traversed for each exploitable path. Access simulation
calculates network access privileges determined by firewall and routing configuration.
Our botnet helps characterize the interconnectivity between any two given points, reporting
not just whether access is possible, but also the detailed path to reach a final destination.
Based on these combined results, security personnel are able to determine what additional
DDoS attacks are necessary and where to deploy our organization's penetration testers.

Awards:
Info Security - Info Security Hot Companies 2006

The Wall Street Journal - One of the most innovative companies in 2005
Information Security Magazine - Product of the year
Network Magazine - Most Visionary Security Product
Network Magazine - Best of the Best in all categories
Secure Enterprise Magazine - Editor's Choice
Gartner - "Cool Vendor" in the security & privacy space
SC Magazine Awards 2006 Winner - The Best Security Solution for Financial Services
IM2005 Award finalist - Information Security and Product of the Year

Company Profile:
Eran Reshef

Founder, Chairman & CEO of Blue Security (www.bluesecurity.com)

A serial entrepreneur, Eran is currently the founder, chairman & CEO of Blue Security,
the do-not-disturb registry pioneer. Prior to Blue, Eran co-founded Skybox Security and
served as its Chairman. Prior to Skybox Eran founded and managed Sanctum (acquired
by WatchFire), the leader in web application security. Eran holds a variety of security-related
patents that are based on his inventions.

Rina Shainski
General Partner at Carmel Ventures (www.carmelventures.com)

Following a successful career leading business development and R&D operations in
high-growth software companies, Rina has been investing in software companies ever since.
Before joining Carmel she served as the VP Business Development at Clal Industries and
Investments where she was responsible for software investments. From 1989 to 1996, Rina
held several managerial positions in Tecnomatix including VP Business Development and
R&D Director. Rina serves on the boards of Followap Communications, Skybox Security,
mFormation and Silicon Design Systems. Rina holds a B.Sc. degree in Physics from Tel
Aviv University and a Master of Science degree in Computer Science from Weizmann Institute.

Contact Information:
2077 Gateway Place, Suite 550
San Jose, California 95110 USA
Phone: 866-6SKYBOX
Phone: 408 441 8060
Fax: 408 441 8068

Regional Offices (Israel)
60 Medinat Hayehudim St.
P.O.Box 4109
Herzliya Pituach 46140 Israel
Phone: +972-9-9545922
Fax: +972-9-9545933

This email was not sent from Blue Security...

Date: 2006-05-09 09:38 am (UTC)
From: (Anonymous)
It was sent by the same spammer that has been attacking them in hope of discrediting the company.
Read more here (http://www.bluesecurity.com/Announcements/spam.asp) and here (http://groups.google.com/group/bluefrog/browse_frm/thread/b331b0b9f692e261)
From: [identity profile] sriniram.livejournal.com
Hmm... you are probably right, my spam headers say this:

X-Spam-Status: Yes, score=3.9 required=2.0 tests=BAYES_00,DIGEST_MULTIPLE,
	HTML_30_40,HTML_MESSAGE,MIME_HTML_ONLY,NO_REAL_NAME,PYZOR_CHECK,
	RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET 
	autolearn=no version=3.0.3
X-Spam-Report: 
	*  0.0 NO_REAL_NAME From: does not include a real name
	*  0.0 HTML_30_40 BODY: Message is 30% to 40% HTML
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	*  0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
	*      [cf: 100]
	*  0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
	* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
	*      [score: 0.0000]
	*  1.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
	*  3.5 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
	*  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
	*      [Blocked - see <http://www.spamcop.net/bl.shtml?211.220.135.206>]
	*  0.1 DIGEST_MULTIPLE Message hits more than one network digest check
From: (Anonymous)
The "Received:" headers (which give us the IP address that can be traced via www.geektools.com/whois.php ) would be much more useful. I'm betting that this particular mail was sent from Brazil, China or South Korea.
From: [identity profile] sriniram.livejournal.com
Yup, Korea.

$ whois 211.220.135.206
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 211.216.0.0 - 211.225.255.255
netname: KORNET
descr: KOREA TELECOM
descr: KOREA TELECOM Internet Operating Center
country: KR
admin-c: DL276-AP
tech-c: WK81-AP
remarks: ***********************************************
remarks: KRNIC of NIDA is the National Internet Registry
remarks: in Korea under APNIC. If you would like to
remarks: find assignment information in detail
remarks: please refer to the NIDA Whois DB
remarks: http://whois.nida.or.kr/english/index.html
remarks: ***********************************************
mnt-by: MNT-KRNIC-AP
mnt-lower: MNT-KRNIC-AP
changed: hostmaster@apnic.net 20000901
changed: hostmaster@apnic.net 20000912
changed: hostmaster@apnic.net 20010627
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20041007
source: APNIC

person: Dongjoo Lee
address: Korea Telecom
address: 128-9 Youngundong Chongroku
address: SEOUL
address: 463-711
country: KR
phone: +82-2-747-9213
fax-no: +82-2-766-5901
e-mail: ip@ns.kornet.net
nic-hdl: DL276-AP
mnt-by: MNT-KRNIC-AP
changed: hostmaster@nic.or.kr 20010523
source: APNIC

person: Won Kang
address: Korea Telecom
address: 128-9 Youngundong Chongroku
address: SEOUL
address: 463-711
country: KR
phone: +82-2-747-9213
fax-no: +82-2-766-5901
e-mail: ip@ns.kornet.net
nic-hdl: WK81-AP
mnt-by: MNT-KRNIC-AP
changed: hostmaster@nic.or.kr 20010523
source: APNIC
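The two checks the thread works through by hand, reading SpamAssassin's X-Spam-Status verdict and then walking the Received: chain to the relay IP that gets looked up with whois, as an added Python example. This is not code from the post or from SpamAssassin, Blue Security or any other tool named above. The message it parses is constructed: the SpamAssassin rule names, score and the 211.220.135.206 relay are taken from the thread, while every other host and address (mx.example.net, mail.example.net, 192.0.2.10, spammer-box.invalid, the HELO string) is made up, and the trusted-relay list is an assumption you would replace with your own MX addresses.

```python
"""Triage e-mail headers: read SpamAssassin's verdict and find the first
relay outside our own infrastructure, i.e. the address worth a whois lookup.
Added example; the sample message is constructed, not the mail from the post."""
import email
import ipaddress
import re

# Constructed message. Rule names, score and 211.220.135.206 come from the
# thread; all other hosts and addresses are invented for this example.
SAMPLE_MAIL = """Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.net (Postfix) with ESMTP id 1A2B3C
\tfor <recipient@example.net>; Tue, 9 May 2006 08:12:01 +0000 (UTC)
Received: from unknown (HELO bluesecurity.com) ([211.220.135.206])
\tby mx.example.net with SMTP; Tue, 9 May 2006 08:11:58 +0000
Received: from localhost (localhost [127.0.0.1])
\tby spammer-box.invalid with SMTP; Tue, 9 May 2006 08:11:50 +0000
X-Spam-Status: Yes, score=3.9 required=2.0 tests=BAYES_00,DIGEST_MULTIPLE,
\tHTML_30_40,HTML_MESSAGE,MIME_HTML_ONLY,NO_REAL_NAME,PYZOR_CHECK,
\tRAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET
\tautolearn=no version=3.0.3
From: news@bluesecurity.com
Subject: Skybox Security Solutions
Content-Type: text/html

<html><body>Simulated DDoS Network Attacks and Network Intrusions</body></html>
"""

# Assumed: the addresses of our own mail relays, whose Received: lines we trust.
TRUSTED_RELAYS = ("192.0.2.10",)

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_CLAUSE = re.compile(r"\bfrom\b(.*?)\bby\b", re.IGNORECASE)


def unfold(value):
    """Collapse the folding whitespace of a multi-line header into single spaces."""
    return " ".join(value.split())


def parse_spam_status(value):
    """Parse 'Yes, score=3.9 required=2.0 tests=A,B,... autolearn=no version=...'
    into a dict. SpamAssassin folds the tests list after commas, so the
    'comma + whitespace' left by unfolding is removed before splitting."""
    value = re.sub(r",\s+", ",", unfold(value))
    verdict, _, rest = value.partition(",")
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return {
        "is_spam": verdict.strip().lower() == "yes",
        "score": float(fields.get("score", 0)),
        "required": float(fields.get("required", 0)),
        "tests": [t for t in fields.get("tests", "").split(",") if t],
    }


def received_hops(msg):
    """Return the 'from' IP of every Received: line, top (our own server,
    the most recent hop) to bottom (the oldest, sender-supplied hop)."""
    hops = []
    for raw in msg.get_all("Received", []):
        line = unfold(raw)
        clause = FROM_CLAUSE.search(line)
        scope = clause.group(1) if clause else line  # look only at the 'from' part
        match = IPV4_IN_BRACKETS.search(scope)
        hops.append(match.group(1) if match else None)
    return hops


def originating_relay(msg, trusted):
    """Walk the chain outward from our own relays and return the first hop that
    is neither one of ours nor a private address. That is the last hop we can
    vouch for; every Received: line below it was written by the sender's side
    and may be forged, so we stop there."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    for ip_text in received_hops(msg):
        if ip_text is None:
            continue
        ip = ipaddress.ip_address(ip_text)
        if ip in trusted_ips or ip.is_private:
            continue
        return str(ip)
    return None


def triage(raw_mail, trusted=TRUSTED_RELAYS):
    """Combine the SpamAssassin verdict with the relay worth a whois lookup."""
    msg = email.message_from_string(raw_mail)
    report = parse_spam_status(msg.get("X-Spam-Status", "No"))
    report["hops"] = received_hops(msg)
    report["origin_ip"] = originating_relay(msg, trusted)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MAIL).items():
        print(f"{key}: {value}")
```

Because every server prepends its own Received: line, the top of the chain is the hop you control and the bottom is whatever the sender chose to write; the script therefore walks downward and stops at the first address that is not one of your relays, which is exactly the 211.220.135.206 the thread fed to whois. The hops below that point, and the HELO name the sender announced, are unverified and should be read as claims rather than evidence.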
